1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
|
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Jed Davis <jld@mozilla.com>
Date: Fri, 28 Aug 2020 09:23:58 +0000
Subject: [PATCH] Bug 1660901 - Support the fstat-like subset of fstatat in the
Linux sandbox policies. r=gcp
Differential Revision: https://phabricator.services.mozilla.com/D88499
---
security/sandbox/linux/SandboxFilter.cpp | 6 ++++++
security/sandbox/linux/broker/SandboxBrokerUtils.h | 2 ++
2 files changed, 8 insertions(+)
diff --git a/security/sandbox/linux/SandboxFilter.cpp b/security/sandbox/linux/SandboxFilter.cpp
index e522d61e065c..4087bdc07e01 100644
--- a/security/sandbox/linux/SandboxFilter.cpp
+++ b/security/sandbox/linux/SandboxFilter.cpp
@@ -243,6 +243,12 @@ class SandboxPolicyCommon : public SandboxPolicyBase {
auto path = reinterpret_cast<const char*>(aArgs.args[1]);
auto buf = reinterpret_cast<statstruct*>(aArgs.args[2]);
auto flags = static_cast<int>(aArgs.args[3]);
+
+ if (fd != AT_FDCWD && (flags & AT_EMPTY_PATH) != 0 &&
+ strcmp(path, "") == 0) {
+ return ConvertError(fstatsyscall(fd, buf));
+ }
+
if (fd != AT_FDCWD && path[0] != '/') {
SANDBOX_LOG_ERROR("unsupported fd-relative fstatat(%d, \"%s\", %p, %d)",
fd, path, buf, flags);
diff --git a/security/sandbox/linux/broker/SandboxBrokerUtils.h b/security/sandbox/linux/broker/SandboxBrokerUtils.h
index 85a006740c2c..db33b5028e77 100644
--- a/security/sandbox/linux/broker/SandboxBrokerUtils.h
+++ b/security/sandbox/linux/broker/SandboxBrokerUtils.h
@@ -19,10 +19,12 @@
typedef struct stat64 statstruct;
# define statsyscall stat64
# define lstatsyscall lstat64
+# define fstatsyscall fstat64
#elif defined(__NR_stat)
typedef struct stat statstruct;
# define statsyscall stat
# define lstatsyscall lstat
+# define fstatsyscall fstat
#else
# error Missing stat syscall include.
#endif
|